CVSSv4 Score

SVR will now support entering all new CVSS scores using the v4 standard. After a CVSS v4 score is entered, the score appears in the User Interface (UI), API, XML, email notifications, and PDF reports.

In the User Interface

The CVSS v4 score is noted with a blue v4 after the score.

In the API

API calls returning CVSS data return another set of values for CVSS v4, so that you can programmatically differentiate between CVSSv2, CVSSv3, and CVSSv4 scores.

/api/advisories/

/api/vulnerabilities/

In the XML

A change to the schema is necessary to add specific values for CVSSv4 scores. As with the json API values above, a second cvss4 labeled value was added to distinguish v4 scores.

In Email Notifications

Emails contain CVSSv4 labels. The Advisory will show latest CVSS version.

Note:Email notifications will include CVSS overall score.

In a PDF Report

PDF reports containing CVSS values will show CVSS v3 or CVSS v4 as appropriate.